IMPLEMENTASI OCTAVE-S DAN STANDAR PENGENDALIAN ISO 27001:2013 PADA MANAJEMEN RISIKO SISTEM INFORMASI PERGURUAN TINGGI

In higher education, information systems become a strategic tool for the continuity of universities or institutions themselves, especially in the running business processes. The disruption of information systems in higher education will have a bad impact, especially for the continuity of business processes, information systems that initially as a tool will then turn into a threat and even become a risk if it is not properly addressed and mitigated. The problem that arises is that University of Muhammadiyah Tangerang has never conducted a system risk analysis assessment of existing information, including policies relating to information technology security. This study aims to provide information to the University of Muhammadiyah Tangerang regarding the risks, threats and weaknesses of information technology found and recommendations that can be applied to mitigate risks that can arise. This study uses the octave-s risk analysis method combined with ISO 27001: 2013 control standards. The results of this study are in the form of a final document that can be used as a guideline and help in the future development of a risk analysis assessment at UMT. The results of the evaluation obtained, it is known that risk management is in the MEDIUM position, meaning that UMT does not experience risks that can stop / damage information systems that have an impact on the cessation of teaching and learning, but risks and weaknesses in universities can have an impact on decreasing university performance immediately.